agent: Enable kata-cc-rustls-tls in image-rs

- Enable the kata-cc-rustls-tls feature in image-rs, so that it can get resources from the KBS in order to retrieve the registry credentials. - Also bump to the latest image-rs to pick up protobuf fixes - Add libprotobuf-dev dependency to the agent packaging as it is needed by the new image-rs feature - Add extra env in the agent make test as the new version of the anyhow crate has changed the backtrace capture thus unit tests of kata-agent that compares a raised error with an expected one would fail. To fix this, we need only panics to have backtraces, thus set RUST_BACKTRACE=0 for tests due to document https://docs.rs/anyhow/latest/anyhow/ Fixes #9538 Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com> Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-08-02 08:17:01 +00:00 · 2024-04-10 10:43:17 +08:00 · 2024-04-10 10:43:17 +08:00 · 1072658219
commit 1072658219
parent 3b72e9ffab
4 changed files with 2147 additions and 1354 deletions
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@ -21,7 +21,6 @@ scopeguard = "1.0.0"
 thiserror = "1.0.26"
 regex = "1.10.4"
 serial_test = "0.5.1"
-oci-distribution = "0.10.0"
 url = "2.5.0"
 derivative = "2.2.0"
 kata-sys-util = { path = "../libs/kata-sys-util" }
@ -58,12 +57,7 @@ cfg-if = "1.0.0"
 prometheus = { version = "0.13.0", features = ["process"] }
 procfs = "0.12.0"

-# anyhow is currently locked at 1.0.58 because:
-# - Versions between 1.0.59 - 1.0.76 have not been tested yet using Kata CI.
-#   However, those versions are passing "make test" for the Kata Agent.
-# - Versions 1.0.77 or newer fail during "make test" - see
-#   https://github.com/kata-containers/kata-containers/issues/9538
-anyhow = "=1.0.58"
+anyhow = "1"

 cgroups = { package = "cgroups-rs", version = "0.3.3" }

@ -82,9 +76,7 @@ strum = "0.26.2"
 strum_macros = "0.26.2"

 # Image pull/decrypt
-# Note: this is the last commit before an issue with whiteout causes problems with some tests
-image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "53c2b7dae453daf6cba238b4817e95e703d6a519", default-features = true, optional = true }
-openssl = { version = "0.10.54", features = ["vendored"], optional = true }
+image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "2c5ac6b01aafcb0be3875f5743c77d654a548146", default-features = false, optional = true }

 # Agent Policy
 regorus = { version = "0.1.4", default-features = false, features = [
@ -111,7 +103,7 @@ default-pull = ["guest-pull"]
 seccomp = ["rustjail/seccomp"]
 standard-oci-runtime = ["rustjail/standard-oci-runtime"]
 agent-policy = ["regorus"]
-guest-pull = ["image-rs", "openssl"]
+guest-pull = ["image-rs/kata-cc-rustls-tls"]

 [[bin]]
 name = "kata-agent"
--- a/src/agent/Makefile
+++ b/src/agent/Makefile
@ -159,7 +159,7 @@ vendor:

 #TARGET test: run cargo tests
 test: $(GENERATED_FILES)
-	@cargo test --all --target $(TRIPLE) $(EXTRA_RUSTFEATURES) -- --nocapture
+	@RUST_LIB_BACKTRACE=0 cargo test --all --target $(TRIPLE) $(EXTRA_RUSTFEATURES) -- --nocapture

 ##TARGET check: run test
 check: $(GENERATED_FILES) standard_rust_check
--- a/tools/packaging/static-build/agent/Dockerfile
+++ b/tools/packaging/static-build/agent/Dockerfile
@ -26,16 +26,17 @@ RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} && chmod -R a+rwX /opt
 RUN apt-get update && \
 	apt-get --no-install-recommends -y install \
 		ca-certificates \
+		clang \
 		curl \
 		g++ \
 		gcc \
+		libprotobuf-dev \
 		libssl-dev \
 		make \
 		musl-tools \
 		openssl \
 		perl \
-		protobuf-compiler \
-		clang && \
+		protobuf-compiler && \
 	apt-get clean && rm -rf /var/lib/apt/lists/ && \
 	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}